sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add all hosts to sops

Browse source
This commit is contained in:
zowoq 2024-12-16 08:34:43 +10:00
parent 7478e0268a
commit b260b29a85
6 changed files with 73 additions and 12 deletions

45
.sops.yaml
View file

@ -1,5 +1,14 @@
# AUTOMATICALLY GENERATED WITH: $ inv update-sops-files # AUTOMATICALLY GENERATED WITH: $ inv update-sops-files
creation_rules: creation_rules:
- key_groups:
- age:
- age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc
- age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
- age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
- age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
- age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
- age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
path_regex: ^hosts/build01/secrets.yaml$
- key_groups: - key_groups:
- age: - age:
- age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d - age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d
@ -18,6 +27,42 @@ creation_rules:
- age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h - age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
- age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n - age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
path_regex: ^hosts/build03/secrets.yaml$ path_regex: ^hosts/build03/secrets.yaml$
- key_groups:
- age:
- age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj
- age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
- age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
- age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
- age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
- age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
path_regex: ^hosts/build04/secrets.yaml$
- key_groups:
- age:
- age1tc0yavxcq9hnf8rl5akv4twzaqkz5p9g80r2kf8cdv4urxgm4qnszccsy3
- age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
- age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
- age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
- age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
- age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
path_regex: ^hosts/darwin01/secrets.yaml$
- key_groups:
- age:
- age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3
- age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
- age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
- age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
- age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
- age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
path_regex: ^hosts/darwin02/secrets.yaml$
- key_groups:
- age:
- age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl
- age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy
- age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
- age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
- age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
- age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
path_regex: ^hosts/web02/secrets.yaml$
- key_groups: - key_groups:
- age: - age:
- age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy - age1dzvjjum2p240qtdt2qcxpm7pl2s5w36mh4fs3q9dhhq0uezvdqaq9vrgfy

1
modules/darwin/common/default.nix
View file

@ -9,6 +9,7 @@
./packages.nix ./packages.nix
./reboot.nix ./reboot.nix
./software-update.nix ./software-update.nix
./sops-nix.nix
./telegraf.nix ./telegraf.nix
./users.nix ./users.nix
inputs.agenix.darwinModules.age inputs.agenix.darwinModules.age

7
modules/darwin/common/sops-nix.nix Normal file
View file

@ -0,0 +1,7 @@
{ inputs, ... }:
{
imports = [
../../shared/sops-nix.nix
inputs.sops-nix.darwinModules.sops
];
}

13
modules/nixos/common/sops-nix.nix
View file

@ -1,16 +1,7 @@
{ { inputs, ... }:
config,
inputs,
lib,
...
}:
let
defaultSopsPath = "${inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
in
{ {
imports = [ imports = [
../../shared/sops-nix.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
]; ];
sops.defaultSopsFile = lib.mkIf (builtins.pathExists defaultSopsPath) defaultSopsPath;
} }

12
modules/shared/sops-nix.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
inputs,
lib,
...
}:
let
defaultSopsPath = "${inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
in
{
sops.defaultSopsFile = lib.mkIf (builtins.pathExists defaultSopsPath) defaultSopsPath;
}

7
sops.json
View file

@ -7,7 +7,12 @@
"zowoq": "age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n" "zowoq": "age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n"
}, },
"hosts": { "hosts": {
"build01": "age17jtyn2y4fpey6q7ers9gtnh4580xj89zdjuew9nqhxywmsaw94fs5udupc",
"build02": "age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d", "build02": "age1kh6yvgxz9ys74as7aufdy8je7gmqjtguhnjuxvj79qdjswk2r3xqxf2n6d",
"build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq" "build03": "age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq",
"build04": "age1r464z5e2shvnh9ekzapgghevr9wy7spd4d7pt5a89ucdk6kr6yhqzv5gkj",
"darwin01": "age1tc0yavxcq9hnf8rl5akv4twzaqkz5p9g80r2kf8cdv4urxgm4qnszccsy3",
"darwin02": "age1xpzexnaulzdjtnwstvgvtq2ar7nkk2lj46u96ewjvtgt7g47jsxs0mhag3",
"web02": "age158v8dpppnw3yt2kqgqekwamaxpst5alfrnvvt7z36wfdk4veydrsqxc2tl"
} }
} }